3d77a7cbc9
secrets/common: allow crappy to access these secrets
2024-06-11 00:27:37 +00:00
beef453802
sops: fix key map after universal -> common rename
2023-05-16 07:19:09 +00:00
ed020b56c0
secrets: split moby.yaml into file-per-secret
2023-05-14 02:42:07 +00:00
974656a80a
secrets: split lappy.yaml into per-secret files
2023-05-14 02:33:21 +00:00
318efe09e2
secrets: split desko.yaml into one-secret-per-file
2023-05-14 02:29:30 +00:00
174bc539bc
moby: enable a statically-assigned but encrypted password
2022-10-24 07:39:50 -07:00
9ef457c0dd
secrets/servo: grant access to lappy
2022-10-24 06:56:16 -07:00
b658b93c64
lappy: store the hashed user passwd in git and decrypt it into /etc/passwd on boot
...
this approach lets me persist the password. persisting /etc/shadow
directly wasn't so feasible. populating /etc/shadow at activation time
is something nix already does and is easy to plug into.
so we store the passwd hash in this repo, but encrypt it to the
destination machine's ssh pubkey to add enough entropy that it's not
brute-forceable through the public git repo.
2022-10-23 06:53:06 -07:00
a3db626a00
servo: matrix-appservice-discord: hide keys in sops, and enable.
2022-10-05 22:38:20 -07:00
cd89ea884b
secrets: update moby
keys
2022-08-31 17:01:41 -07:00
ceef35af96
add aerc accounts.conf to secret store (and home-manager)
2022-06-20 23:55:43 -07:00
6c810bc82c
update lappy key
2022-06-20 16:03:52 -07:00
2b8ff8d5ae
rename 'uninsane' machine -> 'servo'
2022-06-12 15:11:41 -07:00
fb15f84f1d
desko: enable duplicity backups
2022-06-10 01:43:48 -07:00
22bcfe8853
rotate sops key for desko
2022-06-10 00:32:19 -07:00
d2ea4c5ffe
migrate duplicity PASSPHRASE to sops
2022-06-06 19:06:53 -07:00
4689d49d9f
secrets: add lappy host key to access list
2022-06-06 18:07:28 -07:00
3fea4297a8
secrets: add moby host to the access list
2022-06-06 18:05:28 -07:00
fbd99f0069
re-encrypt keys for uninsane host
2022-06-06 17:53:39 -07:00
a900d9e692
sops: add uninsane host key
2022-06-06 17:52:26 -07:00
b10b6c4aab
sops: add uninsane.colin to access list
2022-06-06 16:57:35 -07:00
0a1c959cb5
sops: add moby and lappy pubkeys
2022-06-06 16:54:05 -07:00
1c16348724
secrets: add an example sops secret
2022-06-06 16:39:27 -07:00